Recent DoS attacks on Minetest servers

[rarkenin]

Sadly, there was a series of DoS/flood attacks on Minetest servers. I have found that this was caused by hexafraction, using my public WiFi. This service has since been taken down. While the originating IPs do correspond to the IPs I use(plural as dynamic), I cannot, and will not take responsibility of hexafraction. I am not his police, nor am I the police of the Minetest community. Please do not direct ANY inquiries about this toward me; direct them toward the person truly responsible, hexafraction.

Also, pardon my acidic behavior in IRC when I was requested to deal with the situation. It is generally irritating to arrive and find people seeking you for the actions of others.

Again, I'm not going to answer for hex. I am not his secretary. Don't ask me about it, unless you are trying to work with me on deblacklisting the IP address that I am allocated. If I am deblacklisted, I will work with hex to ensure this does not happen again. At the moment, I am passively standing by.

I quit a while ago. I'm not dealing with your drama.

[VanessaE]

Although you are not personally responsible for the actions of someone else, because you opened your WiFi connection to others, and the IP through which your connection is routed is based in the US, you are legally responsible for those actions. Stupid, I know, but that's the state of things right now.

No sane person expects you to answer for hex or anyone else who used your WiFi. The most anyone here could reasonably expect is for you to do exactly what you did - find the cause and deal with it (by closing off your WiFi in this case).

As for "our drama", just as you are not (or rather, should not be) responsible for hex's actions, neither are we. We as a community are no more responsible for any one user's actions than we are for the severe weather that ripped up the US midwest in the past couple of days. If someone wants to avoid drama, they'd best avoid starting it in the first place.

No one is forcing those people (yourself included) to take the actions they've been taking. Indeed, it is all these ragequitters who are at fault, not us (beyond whatever faults each individual in this community already has).

[rarkenin]

I have taken all reasonable action possible on my side. The WiFi link has been taken down(it DID have an on-connect disclaimer powered by a small webserver before), and I am working personally with hex to figure out the whys(seems to be to prove a point that MT is a "security failure", the hows(AFAIK a Java program that sent TOCLIENT_INITs and TOCLIENT_INIT2's), and other details. I'd appreciate it if after a week or so, my IPs were removed from the blacklists that I know are on your(vanessaE) server, and the other servers which were targeted. Thank you.

[PilzAdam]

Sorry, but I dont believe you.
Do you have a link to the IRC logs?

[LandMine]

id say call the cops and let them handle it....let him tell them the story of his imaginary friend to them ......Any ip you blacklisted is obviously his real ip. Still i dunno how serious minor DDosing is in US

[rarkenin]

After thinking the situation over for some time, I feel as if the proper thing for me to do as the WiFI operator is to apologize for the damage and technical issues as a result of the attack. However, as I am NOT the originator, I do NOT take any moral obligation/responsibility for this attack. Again, I apologize to the community of Minetest for not quickly acting on the problem or working with the community in a fully constructive manner to resolve the issue. My annoyance in #minetest after being notified was unjust and unnecessary.

Thank you. Do not deblacklist me for the time being.

[tinoesroho]

I don't know whether to punch hex or shake his hand. He made it impossible for me to play on the uplink server, but did point out flaws in the system. I do wish he'd simply warned ahead of time and made the vulnerability public so we could fix it rather than just DOSing, but, can't have an omlette without breaking a few eggs.

[rarkenin]

I don't know whether to punch hex or shake his hand. He made it impossible for me to play on the uplink server, but did point out flaws in the system. I do wish he'd simply warned ahead of time and made the vulnerability public so we could fix it rather than just DOSing, but, can't have an omlette without breaking a few eggs.

I've personally (figuratively, of course) done both. I personally think that we put this incident behind ourselves, and work on fixing the issues brought up. Perhaps limiting logins or implementing some form of proof-of-work to login would be good.

As I've mentioned, both of us have recently experienced a loss of a friend, and the stress apparently caused hex to break down. We'll be moving on ourselves.